Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/sys-apps/busybox/files
diff options
context:
space:
mode:
Diffstat (limited to 'sys-apps/busybox/files')
-rw-r--r--sys-apps/busybox/files/busybox-1.24.1-trylink-ldflags.patch32
-rw-r--r--sys-apps/busybox/files/busybox-1.24.1-unzip-regression.patch135
-rw-r--r--sys-apps/busybox/files/busybox-1.24.1-unzip.patch112
-rw-r--r--sys-apps/busybox/files/busybox-1.24.2-CVE-2016-2147.patch72
-rw-r--r--sys-apps/busybox/files/busybox-1.24.2-CVE-2016-2148.patch55
-rw-r--r--sys-apps/busybox/files/busybox-1.24.2-ash-recursive-heredocs.patch83
6 files changed, 0 insertions, 489 deletions
diff --git a/sys-apps/busybox/files/busybox-1.24.1-trylink-ldflags.patch b/sys-apps/busybox/files/busybox-1.24.1-trylink-ldflags.patch
deleted file mode 100644
index 9d61ceb7badf..000000000000
--- a/sys-apps/busybox/files/busybox-1.24.1-trylink-ldflags.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 77e2bde6a50f0f6b9b3c9983c86e661a9872b5f6 Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@gentoo.org>
-Date: Tue, 1 Dec 2015 11:25:10 -0500
-Subject: [PATCH] trylink: include LDFLAGS when checking linkage
-
-The user might be including options in their LDFLAGS (like -fuse-ld=gold)
-that change the behavior of the linker and thus change the results of the
-flag tests. Make sure we include the user's LDFLAGS when running these
-tests so we filter out flags that will fail when used later on.
-
-URL: https://bugs.gentoo.org/499712
-Signed-off-by: Mike Frysinger <vapier@gentoo.org>
----
- scripts/trylink | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/scripts/trylink b/scripts/trylink
-index 6e1187e..3c431ed 100755
---- a/scripts/trylink
-+++ b/scripts/trylink
-@@ -54,7 +54,7 @@ check_cc() {
- # "eval" may be needed if CFLAGS can contain
- # '... -D"BB_VER=KBUILD_STR(1.N.M)" ...'
- # and we need shell to process quotes!
-- $CC $CFLAGS $1 "$tempname".c -o "$tempname" >/dev/null 2>&1
-+ $CC $CFLAGS $LDFLAGS $1 "$tempname".c -o "$tempname" >/dev/null 2>&1
- r=$?
- rm -f "$tempname" "$tempname".c "$tempname".o
- return $r
---
-2.6.2
-
diff --git a/sys-apps/busybox/files/busybox-1.24.1-unzip-regression.patch b/sys-apps/busybox/files/busybox-1.24.1-unzip-regression.patch
deleted file mode 100644
index 58d7b7c6bb00..000000000000
--- a/sys-apps/busybox/files/busybox-1.24.1-unzip-regression.patch
+++ /dev/null
@@ -1,135 +0,0 @@
-From 092fabcf1df5d46cd22be4ffcd3b871f6180eb9c Mon Sep 17 00:00:00 2001
-From: Denys Vlasenko <vda.linux@googlemail.com>
-Date: Fri, 30 Oct 2015 23:41:53 +0100
-Subject: [PATCH] [g]unzip: fix recent breakage.
-
-Also, do emit error message we so painstakingly pass from gzip internals
-
-Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-(cherry picked from commit 6bd3fff51aa74e2ee2d87887b12182a3b09792ef)
-Signed-off-by: Mike Frysinger <vapier@gentoo.org>
----
- archival/libarchive/decompress_gunzip.c | 33 +++++++++++++++++++++------------
- testsuite/unzip.tests | 1 +
- 2 files changed, 22 insertions(+), 12 deletions(-)
-
-diff --git a/archival/libarchive/decompress_gunzip.c b/archival/libarchive/decompress_gunzip.c
-index c76fd31..357c9bf 100644
---- a/archival/libarchive/decompress_gunzip.c
-+++ b/archival/libarchive/decompress_gunzip.c
-@@ -309,8 +309,7 @@ static int huft_build(const unsigned *b, const unsigned n,
- huft_t *q; /* points to current table */
- huft_t r; /* table entry for structure assignment */
- huft_t *u[BMAX]; /* table stack */
-- unsigned v[N_MAX]; /* values in order of bit length */
-- unsigned v_end;
-+ unsigned v[N_MAX + 1]; /* values in order of bit length. last v[] is never used */
- int ws[BMAX + 1]; /* bits decoded stack */
- int w; /* bits decoded */
- unsigned x[BMAX + 1]; /* bit offsets, then code stack */
-@@ -365,15 +364,17 @@ static int huft_build(const unsigned *b, const unsigned n,
- *xp++ = j;
- }
-
-- /* Make a table of values in order of bit lengths */
-+ /* Make a table of values in order of bit lengths.
-+ * To detect bad input, unused v[i]'s are set to invalid value UINT_MAX.
-+ * In particular, last v[i] is never filled and must not be accessed.
-+ */
-+ memset(v, 0xff, sizeof(v));
- p = b;
- i = 0;
-- v_end = 0;
- do {
- j = *p++;
- if (j != 0) {
- v[x[j]++] = i;
-- v_end = x[j];
- }
- } while (++i < n);
-
-@@ -435,7 +436,9 @@ static int huft_build(const unsigned *b, const unsigned n,
-
- /* set up table entry in r */
- r.b = (unsigned char) (k - w);
-- if (p >= v + v_end) { // Was "if (p >= v + n)" but v[] can be shorter!
-+ if (/*p >= v + n || -- redundant, caught by the second check: */
-+ *p == UINT_MAX /* do we access uninited v[i]? (see memset(v))*/
-+ ) {
- r.e = 99; /* out of values--invalid code */
- } else if (*p < s) {
- r.e = (unsigned char) (*p < 256 ? 16 : 15); /* 256 is EOB code */
-@@ -520,8 +523,9 @@ static NOINLINE int inflate_codes(STATE_PARAM_ONLY)
- e = t->e;
- if (e > 16)
- do {
-- if (e == 99)
-- abort_unzip(PASS_STATE_ONLY);;
-+ if (e == 99) {
-+ abort_unzip(PASS_STATE_ONLY);
-+ }
- bb >>= t->b;
- k -= t->b;
- e -= 16;
-@@ -557,8 +561,9 @@ static NOINLINE int inflate_codes(STATE_PARAM_ONLY)
- e = t->e;
- if (e > 16)
- do {
-- if (e == 99)
-+ if (e == 99) {
- abort_unzip(PASS_STATE_ONLY);
-+ }
- bb >>= t->b;
- k -= t->b;
- e -= 16;
-@@ -824,8 +829,9 @@ static int inflate_block(STATE_PARAM smallint *e)
-
- b_dynamic >>= 4;
- k_dynamic -= 4;
-- if (nl > 286 || nd > 30)
-+ if (nl > 286 || nd > 30) {
- abort_unzip(PASS_STATE_ONLY); /* bad lengths */
-+ }
-
- /* read in bit-length-code lengths */
- for (j = 0; j < nb; j++) {
-@@ -906,12 +912,14 @@ static int inflate_block(STATE_PARAM smallint *e)
- bl = lbits;
-
- i = huft_build(ll, nl, 257, cplens, cplext, &inflate_codes_tl, &bl);
-- if (i != 0)
-+ if (i != 0) {
- abort_unzip(PASS_STATE_ONLY);
-+ }
- bd = dbits;
- i = huft_build(ll + nl, nd, 0, cpdist, cpdext, &inflate_codes_td, &bd);
-- if (i != 0)
-+ if (i != 0) {
- abort_unzip(PASS_STATE_ONLY);
-+ }
-
- /* set up data for inflate_codes() */
- inflate_codes_setup(PASS_STATE bl, bd);
-@@ -999,6 +1007,7 @@ inflate_unzip_internal(STATE_PARAM transformer_state_t *xstate)
- error_msg = "corrupted data";
- if (setjmp(error_jmp)) {
- /* Error from deep inside zip machinery */
-+ bb_error_msg(error_msg);
- n = -1;
- goto ret;
- }
-diff --git a/testsuite/unzip.tests b/testsuite/unzip.tests
-index ca0a458..d8738a3 100755
---- a/testsuite/unzip.tests
-+++ b/testsuite/unzip.tests
-@@ -34,6 +34,7 @@ rm foo.zip
- testing "unzip (bad archive)" "uudecode; unzip bad.zip 2>&1; echo \$?" \
- "Archive: bad.zip
- inflating: ]3j½r«IK-%Ix
-+unzip: corrupted data
- unzip: inflate error
- 1
- " \
---
-2.6.2
-
diff --git a/sys-apps/busybox/files/busybox-1.24.1-unzip.patch b/sys-apps/busybox/files/busybox-1.24.1-unzip.patch
deleted file mode 100644
index 722b5fb83a7a..000000000000
--- a/sys-apps/busybox/files/busybox-1.24.1-unzip.patch
+++ /dev/null
@@ -1,112 +0,0 @@
-https://bugs.gentoo.org/564246
-
-From 1de25a6e87e0e627aa34298105a3d17c60a1f44e Mon Sep 17 00:00:00 2001
-From: Denys Vlasenko <vda.linux@googlemail.com>
-Date: Mon, 26 Oct 2015 19:33:05 +0100
-Subject: [PATCH] unzip: test for bad archive SEGVing
-
-function old new delta
-huft_build 1296 1300 +4
-
-Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
----
- archival/libarchive/decompress_gunzip.c | 11 +++++++----
- testsuite/unzip.tests | 23 ++++++++++++++++++++++-
- 2 files changed, 29 insertions(+), 5 deletions(-)
-
-diff --git a/archival/libarchive/decompress_gunzip.c b/archival/libarchive/decompress_gunzip.c
-index 7b6f459..30bf451 100644
---- a/archival/libarchive/decompress_gunzip.c
-+++ b/archival/libarchive/decompress_gunzip.c
-@@ -305,11 +305,12 @@ static int huft_build(const unsigned *b, const unsigned n,
- unsigned i; /* counter, current code */
- unsigned j; /* counter */
- int k; /* number of bits in current code */
-- unsigned *p; /* pointer into c[], b[], or v[] */
-+ const unsigned *p; /* pointer into c[], b[], or v[] */
- huft_t *q; /* points to current table */
- huft_t r; /* table entry for structure assignment */
- huft_t *u[BMAX]; /* table stack */
- unsigned v[N_MAX]; /* values in order of bit length */
-+ unsigned v_end;
- int ws[BMAX + 1]; /* bits decoded stack */
- int w; /* bits decoded */
- unsigned x[BMAX + 1]; /* bit offsets, then code stack */
-@@ -324,7 +325,7 @@ static int huft_build(const unsigned *b, const unsigned n,
-
- /* Generate counts for each bit length */
- memset(c, 0, sizeof(c));
-- p = (unsigned *) b; /* cast allows us to reuse p for pointing to b */
-+ p = b;
- i = n;
- do {
- c[*p]++; /* assume all entries <= BMAX */
-@@ -365,12 +366,14 @@ static int huft_build(const unsigned *b, const unsigned n,
- }
-
- /* Make a table of values in order of bit lengths */
-- p = (unsigned *) b;
-+ p = b;
- i = 0;
-+ v_end = 0;
- do {
- j = *p++;
- if (j != 0) {
- v[x[j]++] = i;
-+ v_end = x[j];
- }
- } while (++i < n);
-
-@@ -432,7 +435,7 @@ static int huft_build(const unsigned *b, const unsigned n,
-
- /* set up table entry in r */
- r.b = (unsigned char) (k - w);
-- if (p >= v + n) {
-+ if (p >= v + v_end) { // Was "if (p >= v + n)" but v[] can be shorter!
- r.e = 99; /* out of values--invalid code */
- } else if (*p < s) {
- r.e = (unsigned char) (*p < 256 ? 16 : 15); /* 256 is EOB code */
-diff --git a/testsuite/unzip.tests b/testsuite/unzip.tests
-index 8677a03..ca0a458 100755
---- a/testsuite/unzip.tests
-+++ b/testsuite/unzip.tests
-@@ -7,7 +7,7 @@
-
- . ./testing.sh
-
--# testing "test name" "options" "expected result" "file input" "stdin"
-+# testing "test name" "commands" "expected result" "file input" "stdin"
- # file input will be file called "input"
- # test can create a file "actual" instead of writing to stdout
-
-@@ -30,6 +30,27 @@ testing "unzip (subdir only)" "unzip -q foo.zip foo/ && test -d foo && test ! -f
- rmdir foo
- rm foo.zip
-
-+# File containing some damaged encrypted stream
-+testing "unzip (bad archive)" "uudecode; unzip bad.zip 2>&1; echo \$?" \
-+"Archive: bad.zip
-+ inflating: ]3j½r«IK-%Ix
-+unzip: inflate error
-+1
-+" \
-+"" "\
-+begin-base64 644 bad.zip
-+UEsDBBQAAgkIAAAAIQA5AAAANwAAADwAAAAQAAcAXTNqwr1ywqtJGxJLLSVJ
-+eCkBD0AdKBk8JzQsIj01JC0/ORJQSwMEFAECCAAAAAAhADoAAAAPAAAANgAA
-+AAwAAQASw73Ct1DCokohPXQiNjoUNTUiHRwgLT4WHlBLAQIQABQAAggIAAAA
-+oQA5AAAANwAAADwAAAAQQAcADAAAACwAMgCAAAAAAABdM2rCvXLCq0kbEkst
-+JUl4KQEPQB0oGSY4Cz4QNgEnJSYIPVBLAQIAABQAAggAAAAAIQAqAAAADwAA
-+BDYAAAAMAAEADQAAADIADQAAAEEAAAASw73Ct1DKokohPXQiNzA+FAI1HCcW
-+NzITNFBLBQUKAC4JAA04Cw0EOhZQSwUGAQAABAIAAgCZAAAAeQAAAAIALhM=
-+====
-+"
-+
-+rm *
-+
- # Clean up scratch directory.
-
- cd ..
---
-2.6.2
-
diff --git a/sys-apps/busybox/files/busybox-1.24.2-CVE-2016-2147.patch b/sys-apps/busybox/files/busybox-1.24.2-CVE-2016-2147.patch
deleted file mode 100644
index 2187c9b6732c..000000000000
--- a/sys-apps/busybox/files/busybox-1.24.2-CVE-2016-2147.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From 3c4de6e36c4d387a648622e7b828a05f2b1b47e6 Mon Sep 17 00:00:00 2001
-From: Denys Vlasenko <vda.linux@googlemail.com>
-Date: Fri, 26 Feb 2016 15:54:56 +0100
-Subject: [PATCH] udhcpc: fix OPTION_6RD parsing (could overflow its malloced
- buffer)
-
-Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-Signed-off-by: Mike Frysinger <vapier@gentoo.org>
-(cherry picked from commit 352f79acbd759c14399e39baef21fc4ffe180ac2)
----
- networking/udhcp/common.c | 15 +++++++++++++--
- networking/udhcp/dhcpc.c | 4 ++--
- 2 files changed, 15 insertions(+), 4 deletions(-)
-
-diff --git a/networking/udhcp/common.c b/networking/udhcp/common.c
-index bc41c8d..680852c 100644
---- a/networking/udhcp/common.c
-+++ b/networking/udhcp/common.c
-@@ -142,7 +142,7 @@ const char dhcp_option_strings[] ALIGN1 =
- * udhcp_str2optset: to determine how many bytes to allocate.
- * xmalloc_optname_optval: to estimate string length
- * from binary option length: (option[LEN] / dhcp_option_lengths[opt_type])
-- * is the number of elements, multiply in by one element's string width
-+ * is the number of elements, multiply it by one element's string width
- * (len_of_option_as_string[opt_type]) and you know how wide string you need.
- */
- const uint8_t dhcp_option_lengths[] ALIGN1 = {
-@@ -162,7 +162,18 @@ const uint8_t dhcp_option_lengths[] ALIGN1 = {
- [OPTION_S32] = 4,
- /* Just like OPTION_STRING, we use minimum length here */
- [OPTION_STATIC_ROUTES] = 5,
-- [OPTION_6RD] = 22, /* ignored by udhcp_str2optset */
-+ [OPTION_6RD] = 12, /* ignored by udhcp_str2optset */
-+ /* The above value was chosen as follows:
-+ * len_of_option_as_string[] for this option is >60: it's a string of the form
-+ * "32 128 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff 255.255.255.255 ".
-+ * Each additional ipv4 address takes 4 bytes in binary option and appends
-+ * another "255.255.255.255 " 16-byte string. We can set [OPTION_6RD] = 4
-+ * but this severely overestimates string length: instead of 16 bytes,
-+ * it adds >60 for every 4 bytes in binary option.
-+ * We cheat and declare here that option is in units of 12 bytes.
-+ * This adds more than 60 bytes for every three ipv4 addresses - more than enough.
-+ * (Even 16 instead of 12 should work, but let's be paranoid).
-+ */
- };
-
-
-diff --git a/networking/udhcp/dhcpc.c b/networking/udhcp/dhcpc.c
-index 915f659..2332b57 100644
---- a/networking/udhcp/dhcpc.c
-+++ b/networking/udhcp/dhcpc.c
-@@ -113,7 +113,7 @@ static const uint8_t len_of_option_as_string[] = {
- [OPTION_IP ] = sizeof("255.255.255.255 "),
- [OPTION_IP_PAIR ] = sizeof("255.255.255.255 ") * 2,
- [OPTION_STATIC_ROUTES ] = sizeof("255.255.255.255/32 255.255.255.255 "),
-- [OPTION_6RD ] = sizeof("32 128 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff 255.255.255.255 "),
-+ [OPTION_6RD ] = sizeof("132 128 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff 255.255.255.255 "),
- [OPTION_STRING ] = 1,
- [OPTION_STRING_HOST ] = 1,
- #if ENABLE_FEATURE_UDHCP_RFC3397
-@@ -220,7 +220,7 @@ static NOINLINE char *xmalloc_optname_optval(uint8_t *option, const struct dhcp_
- type = optflag->flags & OPTION_TYPE_MASK;
- optlen = dhcp_option_lengths[type];
- upper_length = len_of_option_as_string[type]
-- * ((unsigned)(len + optlen - 1) / (unsigned)optlen);
-+ * ((unsigned)(len + optlen) / (unsigned)optlen);
-
- dest = ret = xmalloc(upper_length + strlen(opt_name) + 2);
- dest += sprintf(ret, "%s=", opt_name);
---
-2.7.4
-
diff --git a/sys-apps/busybox/files/busybox-1.24.2-CVE-2016-2148.patch b/sys-apps/busybox/files/busybox-1.24.2-CVE-2016-2148.patch
deleted file mode 100644
index 08e08bec173d..000000000000
--- a/sys-apps/busybox/files/busybox-1.24.2-CVE-2016-2148.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 3a76bb5136d05f94ee62e377aa723e63444912c7 Mon Sep 17 00:00:00 2001
-From: Denys Vlasenko <vda.linux@googlemail.com>
-Date: Thu, 10 Mar 2016 11:47:58 +0100
-Subject: [PATCH] udhcp: fix a SEGV on malformed RFC1035-encoded domain name
-
-Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-Signed-off-by: Mike Frysinger <vapier@gentoo.org>
-(cherry picked from commit d474ffc68290e0a83651c4432eeabfa62cd51e87)
----
- networking/udhcp/domain_codec.c | 13 +++++++++----
- 1 file changed, 9 insertions(+), 4 deletions(-)
-
-diff --git a/networking/udhcp/domain_codec.c b/networking/udhcp/domain_codec.c
-index c1325d8..8429367 100644
---- a/networking/udhcp/domain_codec.c
-+++ b/networking/udhcp/domain_codec.c
-@@ -63,11 +63,10 @@ char* FAST_FUNC dname_dec(const uint8_t *cstr, int clen, const char *pre)
- if (crtpos + *c + 1 > clen) /* label too long? abort */
- return NULL;
- if (dst)
-- memcpy(dst + len, c + 1, *c);
-+ /* \3com ---> "com." */
-+ ((char*)mempcpy(dst + len, c + 1, *c))[0] = '.';
- len += *c + 1;
- crtpos += *c + 1;
-- if (dst)
-- dst[len - 1] = '.';
- } else {
- /* NUL: end of current domain name */
- if (retpos == 0) {
-@@ -78,7 +77,10 @@ char* FAST_FUNC dname_dec(const uint8_t *cstr, int clen, const char *pre)
- crtpos = retpos;
- retpos = depth = 0;
- }
-- if (dst)
-+ if (dst && len != 0)
-+ /* \4host\3com\0\4host and we are at \0:
-+ * \3com was converted to "com.", change dot to space.
-+ */
- dst[len - 1] = ' ';
- }
-
-@@ -228,6 +230,9 @@ int main(int argc, char **argv)
- int len;
- uint8_t *encoded;
-
-+ uint8_t str[6] = { 0x00, 0x00, 0x02, 0x65, 0x65, 0x00 };
-+ printf("NUL:'%s'\n", dname_dec(str, 6, ""));
-+
- #define DNAME_DEC(encoded,pre) dname_dec((uint8_t*)(encoded), sizeof(encoded), (pre))
- printf("'%s'\n", DNAME_DEC("\4host\3com\0", "test1:"));
- printf("test2:'%s'\n", DNAME_DEC("\4host\3com\0\4host\3com\0", ""));
---
-2.7.4
-
diff --git a/sys-apps/busybox/files/busybox-1.24.2-ash-recursive-heredocs.patch b/sys-apps/busybox/files/busybox-1.24.2-ash-recursive-heredocs.patch
deleted file mode 100644
index 5405eafeaa9e..000000000000
--- a/sys-apps/busybox/files/busybox-1.24.2-ash-recursive-heredocs.patch
+++ /dev/null
@@ -1,83 +0,0 @@
-From 4194c2875310c13ee3ca2bb0e1aea6a2ae67c55a Mon Sep 17 00:00:00 2001
-From: Ron Yorston <rmy@pobox.com>
-Date: Thu, 29 Oct 2015 16:44:56 +0000
-Subject: [PATCH] ash: fix error during recursive processing of here document
-
-Save the value of the checkkwd flag to prevent it being clobbered
-during recursion.
-
-Based on commit ec2c84d from git://git.kernel.org/pub/scm/utils/dash/dash.git
-by Herbert Xu.
-
-function old new delta
-readtoken 190 203 +13
-------------------------------------------------------------------------------
-(add/remove: 0/0 grow/shrink: 1/0 up/down: 13/0) Total: 13 bytes
-
-Signed-off-by: Ron Yorston <rmy@pobox.com>
-Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-Signed-off-by: Mike Frysinger <vapier@gentoo.org>
-(cherry picked from commit 713f07d906d9171953be0c12e2369869855b6ca6)
----
- shell/ash.c | 5 +++--
- shell/ash_test/ash-heredoc/heredoc3.right | 1 +
- shell/ash_test/ash-heredoc/heredoc3.tests | 9 +++++++++
- 3 files changed, 13 insertions(+), 2 deletions(-)
- create mode 100644 shell/ash_test/ash-heredoc/heredoc3.right
- create mode 100755 shell/ash_test/ash-heredoc/heredoc3.tests
-
-diff --git a/shell/ash.c b/shell/ash.c
-index 8a1628e..256e933 100644
---- a/shell/ash.c
-+++ b/shell/ash.c
-@@ -11893,6 +11893,7 @@ static int
- readtoken(void)
- {
- int t;
-+ int kwd = checkkwd;
- #if DEBUG
- smallint alreadyseen = tokpushback;
- #endif
-@@ -11906,7 +11907,7 @@ readtoken(void)
- /*
- * eat newlines
- */
-- if (checkkwd & CHKNL) {
-+ if (kwd & CHKNL) {
- while (t == TNL) {
- parseheredoc();
- t = xxreadtoken();
-@@ -11920,7 +11921,7 @@ readtoken(void)
- /*
- * check for keywords
- */
-- if (checkkwd & CHKKWD) {
-+ if (kwd & CHKKWD) {
- const char *const *pp;
-
- pp = findkwd(wordtext);
-diff --git a/shell/ash_test/ash-heredoc/heredoc3.right b/shell/ash_test/ash-heredoc/heredoc3.right
-new file mode 100644
-index 0000000..ce01362
---- /dev/null
-+++ b/shell/ash_test/ash-heredoc/heredoc3.right
-@@ -0,0 +1 @@
-+hello
-diff --git a/shell/ash_test/ash-heredoc/heredoc3.tests b/shell/ash_test/ash-heredoc/heredoc3.tests
-new file mode 100755
-index 0000000..96c227c
---- /dev/null
-+++ b/shell/ash_test/ash-heredoc/heredoc3.tests
-@@ -0,0 +1,9 @@
-+echo hello >greeting
-+cat <<EOF &&
-+$(cat greeting)
-+EOF
-+{
-+ echo $?
-+ cat greeting
-+} >/dev/null
-+rm greeting
---
-2.7.4
-